Remove XSAnyMarshaller AttributeValue Support

In favor of customizing the authentication converter

Closes gh-8864
Josh Cummings 2020-08-18 13:53:38 -06:00
parent 7b3dda161b
commit 0c696dd58b
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
3 changed files with 3 additions and 50 deletions


@ -34,7 +34,6 @@ import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.xml.ParserPool; import net.shibboleth.utilities.java.support.xml.ParserPool;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime; import org.joda.time.DateTime;
@ -42,8 +41,6 @@ import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistry; import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.schema.XSAny; import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSBoolean; import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSBooleanValue; import org.opensaml.core.xml.schema.XSBooleanValue;
@ -520,7 +517,7 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
private Object getXmlObjectValue(XMLObject xmlObject) { private Object getXmlObjectValue(XMLObject xmlObject) {
if (xmlObject instanceof XSAny) { if (xmlObject instanceof XSAny) {
return getXSAnyObjectValue((XSAny) xmlObject); return ((XSAny) xmlObject).getTextContent();
} }
if (xmlObject instanceof XSString) { if (xmlObject instanceof XSString) {
return ((XSString) xmlObject).getValue(); return ((XSString) xmlObject).getValue();
@ -542,19 +539,6 @@ public final class OpenSamlAuthenticationProvider implements AuthenticationProvi
return null; return null;
} }
private Object getXSAnyObjectValue(XSAny xsAny) {
Marshaller marshaller = this.registry.getMarshallerFactory().getMarshaller(xsAny);
if (marshaller != null) {
try {
Element element = marshaller.marshall(xsAny);
return SerializeSupport.nodeToString(element);
} catch (MarshallingException e) {
throw new Saml2Exception(e);
}
}
return xsAny.getTextContent();
}
private static class SignatureTrustEngineConverter implements Converter<Saml2AuthenticationToken, SignatureTrustEngine> { private static class SignatureTrustEngineConverter implements Converter<Saml2AuthenticationToken, SignatureTrustEngine> {
@Override @Override
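Review bot: In `getXmlObjectValue`, the XSAny branch now returns only `getTextContent()`, so an attribute value that carries child elements rather than text would presumably come back as null or bare whitespace instead of the serialized XML that the removed `getXSAnyObjectValue` produced. These values become principal attributes that applications may use for authorization decisions, so the narrowing should be stated where it happens; I would add above the branch `// XSAny: text content only; structured values need a custom authentication converter`. How a null return is treated is decided by the caller, which is outside the hunk, and it is worth confirming that it does not silently store a null attribute value. The body of `getXmlObjectValue` continues past the hunk.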


@ -41,13 +41,11 @@ import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.junit.rules.ExpectedException; import org.junit.rules.ExpectedException;
import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller; import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException; import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.assertion.ValidationContext; import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.saml2.core.Assertion; import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeStatement; import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.EncryptedAssertion; import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.EncryptedID; import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.core.NameID; import org.opensaml.saml.saml2.core.NameID;
@ -257,29 +255,6 @@ public class OpenSamlAuthenticationProviderTests {
assertThat(principal.getAttributes()).isEqualTo(expected); assertThat(principal.getAttributes()).isEqualTo(expected);
} }
@Test
public void authenticateWhenAttributeValueMarshallerConfiguredThenUses() throws Exception {
Response response = response();
Assertion assertion = assertion();
List<AttributeStatement> attributes = attributeStatements();
assertion.getAttributeStatements().addAll(attributes);
signed(assertion, assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, relyingPartyVerifyingCredential());
Element attributeElement = element("<element>value</element>");
Marshaller marshaller = mock(Marshaller.class);
when(marshaller.marshall(any(XMLObject.class))).thenReturn(attributeElement);
try {
XMLObjectProviderRegistrySupport.getMarshallerFactory().registerMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME, marshaller);
this.provider.authenticate(token);
verify(marshaller, atLeastOnce()).marshall(any(XMLObject.class));
} finally {
XMLObjectProviderRegistrySupport.getMarshallerFactory().deregisterMarshaller(AttributeValue.DEFAULT_ELEMENT_NAME);
}
}
@Test @Test
public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception { public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception {
this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE)); this.exception.expect(authenticationMatcher(Saml2ErrorCodes.INVALID_SIGNATURE));
@ -504,11 +479,4 @@ public class OpenSamlAuthenticationProviderTests {
return new Saml2AuthenticationToken(payload, return new Saml2AuthenticationToken(payload,
DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, Arrays.asList(credentials)); DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, Arrays.asList(credentials));
} }
private static Element element(String xml) throws Exception {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
Document doc = builder.parse(new InputSource(new StringReader(xml)));
return doc.getDocumentElement();
}
} }


@ -312,7 +312,8 @@ final class TestOpenSamlObjects {
Attribute emailAttr = attributeBuilder.buildObject(); Attribute emailAttr = attributeBuilder.buildObject();
emailAttr.setName("email"); emailAttr.setName("email");
XSAny email1 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME); XSAny email1 = new XSAnyBuilder()
.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME); // gh-8864
email1.setTextContent("john.doe@example.com"); email1.setTextContent("john.doe@example.com");
emailAttr.getAttributeValues().add(email1); emailAttr.getAttributeValues().add(email1);
XSAny email2 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME); XSAny email2 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
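Review bot: The trailing `// gh-8864` on the new `buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME)` call names an issue but not the reason the type name is now passed, and `email2` a few lines below is still built with the one-argument form. If the difference is deliberate, so that the fixture covers both a typed and an untyped attribute value, say so in the comment, for example `// explicit schema type on email1 only; email2 stays untyped (gh-8864)`; if it is not, build both values the same way. The enclosing method starts and ends outside the hunk.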